OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

saml-dev message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]


Subject: RE: [saml-dev] Compatibility Clarification


> Seems to me "slightly incompatible" is similar to a "little pregnant"?
> Today we are using only SSO browser POST profile, although we have had
> discussions about extending that to include the artifact profile as
> well.

Artifact profile use is more or less the same on either 1.1 or 1.0. A 1.0
endpoint could well accept a 1.1 request or response depending on how it's
implemented, so it simply depends.

POST is almost guaranteed to not interop except between 1.1 endpoints
because it relies on signatures.

> In general I perceive inter-version compatibility to be a product issue,
> not a standards issue.  This will be particularly true as we move to
> SAML 2.0.  I know 1.x and 2.0 are not compatible and it is not
> reasonable to expect we will all move from 1.x to 2.0 using the "big
> bang" approach - so we will require products that can support
> configuring a mix and match of SAML versions.

I would agree. The compatibility issues in 1.0 vs 1.1 are so subtle and
XML-implementation-dependent that in practice, we should make that statement
much less ambiguous and treat them as effectively separate and suggest
people refer to their implementation. I know in our case, Shibboleth SP 1.0
and 1.1 support is distinct. A given endpoint is configured as to which
version it should handle so it knows which schema to apply, so it's not much
different than supporting 2.0 or any other protocol in that respect, which
is what you're suggesting.

-- Scott



[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]